ClipSoft REXPERT 1.0.0.527 and earlier version allows remote attacker to upload arbitrary local file via the ActiveX method in RexViewerCtrl30.ocx. That could lead to disclosure of sensitive information. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.
References
Link | Resource |
---|---|
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35184 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: krcert
Published: 2019-10-30T20:55:11
Updated: 2019-10-30T20:55:11
Reserved: 2019-10-07T00:00:00
Link: CVE-2019-17325
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-10-30T21:15:12.130
Modified: 2019-11-01T19:26:24.977
Link: CVE-2019-17325
JSON object: View
Redhat Information
No data.
CWE